Kone hidastelee & HjT logit

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Razaeros, Jun 28, 2008.

  1. Razaeros

    Razaeros Member

    Joined:
    Jun 28, 2008
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    Eli, koneeni on alkanut eilen/tänään hidastumaan ihan hirveästi.
    Explorer.exe saattaa kaatua yhtäkkiä.
    Toivottavasti HjT logit kertovat mikä ongelmana.
    Ja sitten tietenkin: Avast!:in prosessit vievät muistia 25000/75000kt ja samalla suoritinkäyttö menee 60-100%.

    HjT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:39:16, on 29.6.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\Program Files\VDOTool\TBPanel.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\system32\RUNDLL32.EXE
    E:\WINDOWS\RTHDCPL.EXE
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    E:\Program Files\Winamp\winampa.exe
    E:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
    E:\Program Files\PowerISO\PWRISOVM.EXE
    E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    E:\Program Files\DAEMON Tools Lite\daemon.exe
    E:\Program Files\Xfire\xfire.exe
    E:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\MONyog\bin\MONyog.exe
    E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\IoctlSvc.exe
    E:\WINDOWS\system32\PnkBstrA.exe
    E:\Program Files\Spyware Terminator\sp_rsser.exe
    E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    E:\Program Files\Steam\Steam.exe
    E:\Program Files\mIRC\mirc.exe
    E:\Program Files\Windows Live\Messenger\usnsvc.exe
    E:\Program Files\COMODO\Firewall\cfp.exe
    E:\WINDOWS\system32\rsvp.exe
    E:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    E:\WINDOWS\explorer.exe
    E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.0.254/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - E:\Program Files\free-downloads.net\tbfree.dll
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - E:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - E:\Program Files\free-downloads.net\tbfree.dll
    O4 - HKLM\..\Run: [Gainward] E:\Program Files\VDOTool\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "E:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "e:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [AnyDVD] E:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Open in new background tab - res://E:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?a5984b3602aa4d34864346024a480790
    O8 - Extra context menu item: Open in new foreground tab - res://E:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?a5984b3602aa4d34864346024a480790
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O20 - AppInit_DLLs: E:\WINDOWS\system32\guard32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - E:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MONyog - Unknown owner - C:\MONyog\bin\MONyog.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - E:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 9436 bytes
     
    Razaeros, Jun 28, 2008
    #1
  2. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Aloitetaan vaikka näillä:

    Mene Windowsin ControlPaneliin (Ohjauspaneli) ja sieltä Lisää / Poista sovellus
    Vistassa Ohjelmat ja toiminnot
    Etsi ja poista ohjelma jonka nimessä on:

    Spyware Terminator
    MONyog


    Käynnistä kone vikasietotilaan => OHJE
    Laita piilotiedostot näkyviin =>vikasiedossa OHJE

    Poista kansio/t:
    C:\MONyog\
    E:\Program Files\Spyware Terminator\

    *********************************************************

    Lataa Malwarebytes' Anti-Malware työpöydällesi.

    * Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
    * Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes' Anti-Malware ja Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Finish.
    * Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
    * Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
    * Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
    * Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
    * Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös
    täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt

    --------------------------------------------------------

    Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
    Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

    Tyhjennä roskakori ja käynnistä koneesi uudelleen.

    Postita tänne seuraavat lokit:
    * Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
    * Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
    .
     
    kalminen, Jun 29, 2008
    #2

Share This Page